This research reviews an attack vector allowing the compromise of GitHub repositories, which not only has severe consequences in itself but could also potentially lead to high-level access to cloud environments.
This is made possible through the abuse of GitHub Actions artifacts generated as part of organizations’ CI/CD workflows. A combination of misconfigurations and security flaws can make artifacts leak tokens, both of third party cloud services and GitHub tokens, making them available for anyone with read access to the repository to consume. This allows malicious actors with access to these artifacts the potential of compromising the services to which these secrets grant access.
Read more…
Source: Palo Alto Unit 42
Related:
- NSA discovers critical Exchange Server vulnerabilities, patch now
April 13, 2021
Microsoft today has released security updates for Exchange Server that address a set of four vulnerabilities with severity scores ranging from high to critical. All the flaws lead to remote code execution on a vulnerable machine and were discovered and reported to Microsoft by the U.S. National Security Agency (NSA). Microsoft also found some of them ...
- HTTPS over HTTP: A Supply Chain Attack on Azure DevOps Server 2020
April 13, 2021
The need for data encryption during transmission has paved the way for organizations to rely on TLS — not just for sending data through the internet, but even within trusted corporate environments. Without the use of TLS or SSL, the authenticity of transmitted data and the identity of endpoint can’t be verified. In this blog, we ...
- Capcom: Ransomware gang used old VPN device to breach the network
April 13, 2021
Capcom has released a final update about the ransomware attack it suffered last year, detailing how the hackers gained access to the network, compromised devices, and stole personal information belonging to thousands of individuals. In early November 2020, Ragnar Locker ransomware hit the Japanese game developer and publisher, forcing Capcom to shut down portions of their ...
- NAME:WRECK DNS vulnerabilities affect over 100 million devices
April 13, 2021
Security researchers today disclosed nine vulnerabilities affecting implementations of the Domain Name System protocol in popular TCP/IP network communication stacks running on at least 100 million devices. Collectively referred to as NAME: WRECK, the flaws could be leveraged to take offline affected devices or to gain control over them. The vulnerabilities were found in widespread TCP/IP stacks ...
- Man Arrested for AWS Bomb Plot
April 12, 2021
A Texas man has been charged with plotting a bombing of Amazon Web Services in a quest to allegedly “kill off the internet.” Seth Aaron Pendley was arrested in Ft. Worth after allegedly attempting to get an explosive device from an undercover FBI employee in a sting. The feds were alerted to Pendley after a concerned ...
- Winter 2020 Network Attack Trends: Internet of Threats
April 12, 2021
Unit 42 researchers analyzed network attack trends over Winter 2020 and discovered many interesting exploits in the wild. During the period of Nov. 2020 to Jan. 2021, the majority of the attacks we observed were classified as critical (75%), compared to the 50.4% we reported in the fall of 2020. Several newly observed exploits, including ...